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DETAILED ACTION 

1 . This action is response to communication: amendment received 02/04/2009. 

2. Claims 1-16 and 47-48 are current pending in this application. Claims 17-46 
have been withdrawn. Claims 47 and 48 are new. 

3. No new IDS has been received. 

4. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
02/04/2009 has been entered. 

Response to Arguments 

Applicant's arguments filed 02/04/2009 have been fully considered but they are 
not persuasive. 

The applicants have argued that the background of the applicant is not admitted 
prior art. However, this is not persuasive, as the applicants have not argued specifically 
why the information in the background does not qualify as admitted prior art. Further, 
the applicants argue that the AAPA does not teach determining access based on the 
identification of the first and second assemblies. The applicants point to the 
background where it recites "the security model for the CLR bases access rights to a 
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protected resource on Code Access Security (CAS), not on user identity." However, 
this cited section exactly teaches what the applicants are claiming. CAS maintains 
security based on the identity of code, and not on user identity. The claim language 
does not claim identification of users. 

The applicants also argue that the Fee reference does not qualify as anticipatory 
prior art under 103(c). However, the Fee reference, although owned by the same 
assignee, qualifies as a 103(a) reference as well. Fee was published before the present 
application was qualified. As Fee qualifies as a 103(a), the applicants cannot invoke a 
103(c) argument. 

Although the claims have been amended, the references below still teach the 
amended limitations. 

Claim Rejections - 35 USC §112 

5. The previous 112 rejections have been withdrawn in response to applicant's 
amendments and arguments. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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7. Claims 1,2,4, 5, and 47 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over the Applicant's Admitted Prior Art (hereinafter the AAPA), and in view 
of Fee US Patent Application Publication 20030041267 (hereinafter Fee). 

As per claim 1 , the AAPA (used the paragraphs from publication) teaches an 
apparatus comprising instantiating in a managed code to execute with a runtime loader 
(paragraphs 2 and 3 of publication), for executing first and second assemblies of the 
one or more of the files instantiated in the managed code (paragraphs 2, 3, 4, and 5); 
means for making a call for access by the first assembly of the one or more files 
instantiated in the managed code to the second assembly of one or more files 
instantiated in the managed code (paragraphs 4 and 5); and means, based upon an ID 
for at least one of the first and second assemblies of the one or more files, for 
determining access privileges of the first assembly of the one or more files to the 
second assembly of one or more files (paragraphs 4 and 6). 

However, at the time of the invention, the AAPA does not explicitly teach virtual 
machine means. However, this is taught throughout Fee, such as in paragraph 30. 
Further, Fee teaches the use of security policies relating to identifiers such as in 
paragraphs 37, 55, 58, 72. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the AAPA and the Fee references. One of ordinary skill in the art 
would have been motivated to perform such an addition to dynamically and flexibly 
determine whether an assembly may be trusted with some amount of access to the 
user's system. (Fee paragraph 8). 
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As per claim 2, the AAPA teaches wherein the identity may be a user ID 
(paragraph 6). Further, Fee teaches user based security policies, such as in 
paragraphs 37, 55, 58, and 72. 

As per claim 4, Fee teaches wherein the means for determining access privileges 
further comprise: means for preventing the access of the first assembly to the second 
assembly when the determination based upon the ID for at least one of the first and 
second assemblies is unfavorable based upon predetermined criteria for the respective 
IDs (paragraphs 34, 42, 54, 64, 67, 68, and also AAPA paragraphs 4 and 6). 

As per claim 5, Fee teaches wherein the means for determining access privileges 
further comprises: means for preventing the access of the first assembly to the second 
assembly when the ID for the first assembly does not match the ID for the second 
assembly based upon a predetermined match criteria for the respective IDs (paragraphs 
34, 42, 54, 64, 67, 68, and also AAPA paragraphs 4 and 6). 

Claim 47 is rejected using the same basis of arguments used to reject claim 1 

above. 

8. Claims 3, 7, 14, 15, 16, and 48 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over the AAPA and Fee combination as applied above, and further in view 
of Bromley et al. US Patent No. 7,266,677 (hereinafter Bromley). 

As per claim 3, Fee teaches an execution engine means, in a native code 
portion, for executing the virtual machine means in runtime (abstract, paragraph 9, 25, 
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31), means, in a native code portion, for providing an operating system to be executed 
with the virtual machine means (paragraph 30, 31 , and 33). For further details on 
"native" code, which is also known as machine code or assembly code, Bromley 
teaches these limitations, such as in col. 3 line 60-col. 4 line 4;col. 11 line 52 to col. 12 
line 15; col. 12 line 35-col. 12 line 52; col. 12 line 45 to col. 13 line). 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the teachings of the AAPA combination with Bromley. One of 
ordinary skill in the art would have been motivated to perform such an addition to allow 
flexibility in systems, as it allows systems to communicate with each other when they 
operate in different operating environments (col. 2 lines 21-37). The references deal 
with communications across different networks that utilize assemblies. 

As per claim 7, Fee teaches the means for determining access privileges further 
comprising means for permitting the access of the first assembly to the second 
assembly when the ID for the first assembly matches the ID for the second assembly 
based upon a predetermined match criteria for the respective IDs (paragraphs 34, 42, 
54, 64, 67, 68, and also AAPA paragraphs 4 and 665). Bromley teaches wherein the 
assemblies from an intermediate language code and meta data are compiled into native 
code (col. 11 line 53 to col. 12 line 14; col. 12 line 35 to col. 13 line 5). Although 
metadata is not expclitly taught, it would have been obvious and common sense to 
compile all necessary information into native code. Bromley teaches that the necessary 
information is compiled into native code, and thus, it would have been obvious and 
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common sense to convert meta data, if needed, into native code as well if this data 
needed to be utilized. A CLR loader is also taught in paragraph 3 of the AAPA. 

Further, Bromely teaches the means for executing the compiled native code in 
the native code portion, wherein the first assembly accesses the second assembly (col. 
1 2 lines 1 -1 4, and the accessing of assemblies taught throughout Bromley and Fee). 

As per claim 14, Bromley teaches wherein the execution engine means in the 
native code portion further comprises a compiler to compile each said assembly into 
native code for execution by the native code portion (col. 3 lines 60-col. 4 line 4; col. 1 1 
line 52 to col. 12 line 15; col. 12 line 35 to col. 12 line 52). 

Claim 15 is rejected using the same basis of arguments used to reject claim 7 
above. Further, the AAPA teaches JIT that compilers may be used to compile code. 

As per claim 16, Bromley teaches means, in the native code portion, for forming 
a response to the call. , and means for returning the response to the first assembly in 
the managed code portion (col. 3 lines 60-col. 4 line 4; col. 11 line 52 to col. 12 line 15; 
col. 12 line 35 to col. 12 line 52). 

Claim 48 is rejected using the same basis of arguments used to reject claim 3 

above. 

9. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over the Fee, 
AAPA, and Bromley as applied, and further in view of Segarra et al. US Patent No. 
4,430,699 (hereinafter Segarra). 
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As per claim 6, the AAPA combination teaches preventing access of the first 
assembly to the second assembly, but does not explicitly teach wherein the rules are 
based upon application domains. However, this is taught by Segarra, such as in col. 34 
lines 30-40. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Segarra reference with the AAPA combination. One of ordinary 
skill in the art would have been motivated to perform such an addition to allow more 
security options to be available. As multiple systems are communicating with each 
other, it would be obvious to not allow systems with different application domains to 
communicate with each other, as it may lead to security problems. Further, Segarra 
deals with computer networks communicating with one another, and these teachings 
coincide with the teachings of the AAPA and Fee. 

1 0. Claims 8 and 9 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
the Fee combination as applied above, and further in view of Hardman et al. US Patent 
no. 2004/0059941 (hereinafter Hardman) 

As per claim 8, the Bromley combination does not explicitly teach permitting 
access of the first assembly to the second assembly when a previous said access has 
been permitted. However, this type of access control is well known in the art, and is 
illustrated by Hardman in paragraph 51 . 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the teachings of Hardman with the Fee combination. One of ordinary 
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skill in the art would have been motivated to perform such an addition to save time. As 
a user has already been authenticated once, it would not always be necessary to 
authenticate the user again once he's been authenticated. This would save time and 
processing speed. These type of access controls are well known in the art. Further, it 
teaches in paragraph 10 that it would be beneficial to provide one-time authorization 
and access to systems. 

As per claim 9, Hardman teaches wherein the previous said access had been 
permitted following a prior said determination that was favorabe based upon a 
predetermined comparison criteria for the respective IDs (paragraph 26). 

1 1 . Claims 1 0-1 2 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
The Fee combination as applied above, and further in view of Borza US Patent No. 
6,076,167 (hereinafter Borza) 

As per claim 1 0, means for compiling at least one of the first and second 
assemblies into native code is taught by Bromley, such as in col. 12 as described 
earlier. Further, permitting the means for compiling to compile at least one of the first 
and second assemblies into native code is taught by Bromley in col. 12 lines 35-col. 13 
line 5. However, at the time of the invention, the Bromley combination does not 
explicitly teach accuracy means, prior to the means for determinig access privileges, for 
determining whether the ID is accurate for the first and second assemblies. However, 
checking accuracy means before determining privileges and delying the determiniation 
until the ID is accurate is taught in Borza col. 12 lines 45-55. 
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At the time of the invention, it would have been obvious to implement the ideas 
taught by Borza with the Fee combination. One of ordinary skill in the art would have 
been motivated to perform such an addition to provide a method for securely 
transmitting data and for securely transmitting data across a network taht is capable of 
real time modification in order to increase security (col. 2 lines 1-7). 

As per claim 1 1 , the combination of Borza with the Bromley combination teaches 
these limitations of the claims. Fee and the APPA teaches that the assemblies are 
able to communicate after IDs are checked and accurate, as seen in the arguments 
above.. Bromley then teaches that the code is compiled into native code for runtime in 
col. 12 lines 1-14 and col. 12 lines 40-67. Also shown in col. 13 lines 15-24. 

As per claim 12, Borza teaches in col. 12 lines 45-55 that the ID's must be 
accurate before proceeding to access privileges. Therefore, since access privileges are 
halted, all other steps subsequently following it must halt as well, which would halt the 
system before it would run. 

12. Claim 1 3 is rejected under 35 U.S.C. 1 03(a) as being unpatentable over the Fee 
combination as applied above, and further in view of Rompaey et al. US Patent No. 
5,870,588 (hereinafter Rompaey). 

As per claim 13, the Fee, AAPA, and Bromley combination teach the compilers 
and metadata, as seen in the rejection for claim 7 above. However, the combination 
does not teach all the limitations of this claim. These limitations are taught by the 
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Rompaey reference, in combination with the Fee, AAPA, and Bromley references. 
Rompaey teaches this, such as in col. 5 lines 28-54. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the references of Rompaey with the Fee combination. One of 
ordinary skill in the art would have been motivated to perform such an addition to 
provide synthesis tools to allow code to run independently of their design environments. 
Col. 5 lines 45-55. 

Conclusion 

1 3. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JASON K. GEE whose telephone number is (571)272- 
6431 . The examiner can normally be reached on M-F, 7:00 am to 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 381 1 . The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Jason Gee 
Patent Examiner 
Technology Center 2400 
02/20/2009 

/Kambiz Zand/ 
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